Quick response codes are becoming part of campus life as more students arrive with a mobile device in their pockets. QR codes are fun for students and easy to use for college stores trying to find ways to get information out on products or special events.
The problem is the codes can also be a glaring security weakness.
“A single poisoned link is all it takes to expose an entire organization to a full-scale attack,” said David Maman, chief technology officer and founder of GreenSQL, in an article in Campus Technology.
Users are unable to turn off the browser in a mobile device, making it exposed to malware even when it’s not in use, according to Maman. In addition, malware known as a rootkit circumvents the built-in defenses of the mobile operating system.
“[Responding to a QR code] is akin to responding to electronic solicitations and would have the same risks as responding to an unknown advertising source,” said Scott Gordon, vice president, worldwide marketing, for ForeScout Technologies. “There is a potential to go to a site or invoke a request for an application that appears to be reputable but is not.”
Gordon recommends educating users about the risks, particularly as they apply to mobile devices, and encouraging campus users to report possible threats. He also suggests requiring the use of antivirus software across the campus, instituting network controls to monitor all access, and installing management software to provide data-level protection for faculty devices, along with creating a policy of do’s and don’ts for students to follow with their personal devices.